aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-02-18 21:07:01 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-20 22:13:41 +0100
commit0ef94d85e58497dcb2c4c954cadcac918032467a (patch)
tree9ff32832dc06f0c8b17ae19c9e9fbcd46e48d2ba /Changelog
parent4a502836164821b9faa56d363c8fb116ce032321 (diff)
Add %-specifiers support.
lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/ ‘config-certs’/‘challenge-directory’ configuration options *before* privilege drop; and for the [accountd] section ‘command’/‘config’ configuration options *after* privilege drop). lacme-accountd(1): for --config=, --socket= and --privkey= (and ‘socket’/‘privkey’ configuration options). This also changes the default configuration file location. lacme(8) and lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp. /etc/lacme/lacme-accountd.conf when running as root, and $XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal user. There is no fallback to /etc anymore.
Diffstat (limited to 'Changelog')
-rw-r--r--Changelog23
1 files changed, 18 insertions, 5 deletions
diff --git a/Changelog b/Changelog
index 8952ba6..966b0b0 100644
--- a/Changelog
+++ b/Changelog
@@ -19,9 +19,16 @@ lacme (0.7.1) upstream;
validate provided X.509 chains using that self-contained bundle,
regardless of which CAs is marqued as trusted under /etc/ssl/certs.
This change bumps the minimum OpenSSL version to 1.1.0.
- * Breaking change: lacme(8) resp. lacme-accountd(1) no longer consider
- ./lacme.conf resp. ./lacme-accountd.conf as default location for the
- configuration file.
+ * Breaking change: lacme(8) and lacme-accountd(1) respectively load
+ their configuration file from /etc/lacme/lacme.conf resp.
+ /etc/lacme/lacme-accountd.conf when running as root, and
+ $XDG_CONFIG_HOME/lacme/lacme.conf resp.
+ $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal
+ user. There is no fallback to /etc anymore, and the lookup in the
+ current directory as prefered choice is removed too. However
+ lacme-accountd(1) can be used without configuration file under
+ ~/.config/lacme as it treats a non-existent default location as an
+ empty file.
* The client, webserver, and accountd commands are now split on
whitespace. This doesn't change the default behavior but allows
using `ssh -T lacme@account.example.net lacme-accountd` to spawn a
@@ -30,11 +37,17 @@ lacme (0.7.1) upstream;
https://letsencrypt.org/docs/staging-environment/ .
* lacme(8)'s 'config' option in the [accountd] section no longer have a
default value. The previous default /etc/lacme/lacme-accountd.conf
- is still honored when there is the user running lacme doesn't have a
- ~/.config/lacme/lacme-account.conf configuration file.
+ is still honored when root privileges are preserved (the default).
* Deprecate setting 'privkey' in [accountd] section of the lacme(8)
configuration file. One need to use the lacme-accountd(1)
configuration file for that instead.
+ * lacme(8): add %-specifiers support for --config=, --socket=,
+ --config-certs= (and 'socket'/'config-certs'/'challenge-directory'
+ configuration options *before* privilege drop; and for the [accountd]
+ section 'command'/'config' configuration options *after* privilege
+ drop).
+ * lacme-accountd(1): add %-specifiers support for --config=, --socket=
+ and --privkey= (and 'socket'/'privkey' configuration options).
+ Improve nginx/apache2 snippets for direct serving of challenge files
(with the new 'challenge-directory' logic symlinks can be disabled).
+ Split Nginx and Apapche2 static configuration snippets into seperate